Technology related failures persist because the full range and impact of technology risks is often ‘clouded by controls’. Existing control frameworks, usually focused on information security, provide an illusion of assurance whilst leaving major technology risks unmitigated.
KPMG’s Technology Risk team helps clients to manage their technology risks. Our team brings technology risk awareness to the boardroom while helping clients keep information assets secure, systems functioning and controls operating effectively.
What's on your mind?
- Are you implementing a new system and can’t afford for the project to fail?
- Does your business embrace technology to reach new markets or are you in danger of being left behind? How do you control the risks of the new technologies?
- Do you have multiple compliance requirements or have a new compliance requirement to implement?
- Do you understand your data risks? Do you really know where or how you might be exposed?
- Do you have a rigorous process to identify and manage IT risks? Do you want to increase the value your IT risk management process provides?
- Do your IT systems deliver the value you anticipated? Does the IT organisation struggle to meet the expectations of the business?
- Do you rely on third parties to deliver your critical IT services? Do you understand the risks your service providers create for your business?
Bringing you peace of mind
We understand that clients rarely have an IT challenge that fits in a convenient service pigeon-hole. That’s why our Technology Risk professionals work with our clients to develop complete solutions that fit their needs, drawing upon multiple Technology Risk (and other) related services. Our aim is always to provide you with a service that meets your precise requirements.
Our Technology Risk services include:
- Business systems & controls
- Data risk management
- Independent project assurance
- IT internal audit
- IT risk management
- Regulatory & compliance
- Third party risk
No matter what your IT challenge, you can be sure that KPMG Technology Risk will provide you with a bespoke solution built on our proven methodologies, tools and techniques.
What's in it for you?
With our suite of Technology Risk services we can help you to:
- Manage change – helping you identify key project risks and flagging weaknesses in controls. Providing you with practical recommendations that increase the likelihood of a successful project outcome.
- Manage compliance – helping you develop and implement an integrated compliance control framework; increasing assurance and improving efficiency. Providing you with expert advice on the latest compliance requirements.
- Manage data – helping you identify key data risks and highlighting weaknesses in data controls. Providing you with data governance advice and expertise.
- Manage IT risk – helping you develop and implement an effective IT risk management process focussed on delivering your business objectives. Providing you with expert advice on the latest IT risk thinking.
- Manage performance – helping you improve IT governance arrangements; driving improved IT performance. Highlighting weaknesses in IT processes & controls and making practical recommendations for improvement.
- Manage third parties – helping you identify and risk assess critical IT service providers. Providing you with assurance over the processes & internal controls of your key third party providers.
- Independence – We are not tied into any technology or software vendor. All of our recommendations and technical strategies are based solely on what is fit and appropriate for your business.
- Commitment – Our client relationships are built on mutual trust and long-term commitment to providing effective and efficient solutions, and we are dedicated to providing a service that is second to none.
- Industry knowledge – Our team brings technology risk awareness to the boardroom with industry knowledge to provide effective solutions that bring people, process and technology together, helping clients keep information assets secure, systems functioning and controls operating effectively.
- Global Reach – KPMG is a global network of over 140,000 professionals in 140 countries. We have over 300 people based in the Technology Risk team in the UK. With a strong presence in London we are supported by regional teams who can service your needs locally.
Our client, a global food & drink company, was planning to roll SAP out to over 100 countries and 100,000+ users.
Recognised as one of the most complex SAP implementations in the world, the implementation required management of a huge volume of IT configuration changes each month to meet the needs of countries joining the platform. At the same time, the implementation project had to provide a stable production environment for those countries already live on the system.
Unfortunately, our client had experienced several serious outages as a result of poorly controlled configuration changes. This in turn had started to undermine senior management confidence and support for the project, increasing the risk of overall project failure.
What we did
KPMG developed a structured programme to assess all aspects of the client’s configuration change control process.
We worked jointly with the implementation project team and SAP to:
- identify root causes of the configuration change control problems
- develop and assess alternative configuration change control solutions
- provide a configuration change control roadmap and detailed actions plans to address the root causes of the project’s change control problems.
The client was able to implement the roadmap and address the root causes of the project’s configuration change control problems.
Implementation of our recommendations resulted in an 80% reduction in critical configuration changes and increased stability of the production platform. In addition, senior management confidence in the project was restored and the implementation project completed to schedule without further significant disruption.